Keystore Introduction

Key players in the blockchain industry: User, Wallet and Node

In the blockchain industry, there are a few important key players: User, Wallet, and Node.

The User can use the blockchain technology to send or receive cryptocurrencies. A user can be an active user of blockchain-based applications, also known as DApps (Decentralized App) to raise a crypto asset, like a cute character in a game. The User may also post an interesting article on a blockchain-based SNS, where the user gets credits for the number of likes or comments from other users.

All of these use cases require the user to connect to the blockchain network. Wallet or DApps provide the user an interface to connect to the blockchain network, such as Bitcoin or Ethereum. Unlike the traditional wallets, blockchain wallets do not hold any money or an asset of the user, but simply show users a record of all transactions on the ledger that are related to the user’s account. When a user tries to send a certain amount of cryptocurrency to another user, the wallet creates a transaction in a correct format to submit to the blockchain network.

One of the key components of a transaction is a user’s signature. A wallet must be able to sign a transaction with the user’s private key. Some wallets generate a key pair in the wallet by itself and sign the transaction upon user’s request. Some may not generate the key pair itself, but instead, support the use of a separate hardware wallet, which will store the key and complete the signature part of a blockchain transaction. Nevertheless, because there is a fee that must be paid in order to write on the ledger of the blockchain network, a user’s signature that implies that the user has checked and approved the fee, cannot be emphasized enough.

Lastly, when a wallet or a DApp submits the signed transaction to the blockchain network, nodes, similar to server, checks the validity of the transaction and use a consensus protocol to agree whether to include the received transaction in the ledger or not. If it is included, then the transaction is now shared to everyone participating in the network.

Digital signature in blockchain

Using a digital signature in the blockchain is one of the fundamentals to understand the technology. The user’s digital signature implies many things. By signing the transaction, the user is confirming that the information in the transaction, such as the recipient address, amount, and fee, are all correct. The signature also guarantees the identity of the user. Only the user that actually holds the key can sign the transaction, because there will be a different result if a different key was used to sign the transaction. Digital signature provides non-repudiation as well, since it is a combination of the user’s key and the contents, thereby the user cannot deny its existence.

Because there is no centralized server that controls the network in blockchain, it is impossible to cancel or reverse a transaction that has been submitted to the network. Hence, the biggest challenge that the wallets and DApps face is how to sign a transaction safely. To sign a transaction, a user’s private key is needed. In other words, the user’s private key is what must be kept in a safe place. Moreover, the execution environment, where the signing is happening, must be also safe.

Advent of hardware wallets

To avoid the security threats of computer viruses and other remote dangers in the web environment, hardware wallet came out into the world. Along with a print out, or a paper wallet, hardware wallet is one of the choices of Cold Wallet, a wallet that is not connected to the Internet. A hardware wallet usually has a separate space to create, store and use the private key. In such an isolated environment, hardware wallets are invulnerable to remote attacks.

Hardware wallets also have a separate secure display to get user’s confirmation of the blockchain transaction. The information shown by the hardware wallet’s screen is independently displayed from the host that it is connected to, such as the computer.

Yet, there are usability issues when it comes to using a hardware wallet. The user must carry the wallet around and make sure to keep that hardware wallet in a safe place. Also, the complexities and inconvenience of plugging the hardware wallet USB and running an online web app on the computer, and using the hardware wallet to sign a transaction still remain as a challenge.

Samsung Blockchain Keystore launched with Galaxy S10 series

At the beginning of the year 2019, Samsung Blockchain Keystore was launched with the Galaxy S10 series to store the user’s private key in the secure area of the phone and sign blockchain transactions in a safe environment. As a preloaded feature on selected devices in selected countries, Samsung Blockchain Keystore aims to contribute to the blockchain ecosystem to help users and blockchain apps leverage security features of the device and thus, safely use blockchain technology on the mobile.

Samsung Blockchain Keystore can be found by going to the device’s Settings > Biometric and Security. Under the Security category, you will see “Samsung Blockchain Keystore.”

With the Samsung Blockchain Keystore app, users can leverage features including key management, signing a transaction, setting up a PIN and a fingerprint as an authentication method, and managing Samsung Blockchain Keystore settings options. More details on each feature are as follows.

① Key Management

The user can create a new key pair (public and private key) or import an existing one that was created from other wallets. More specifically, Samsung Blockchain Keystore supports BIP-39 (Bitcoin Improvement Proposal) standard, and is a HD (Hierarchical Deterministic) Wallet. More details will be covered in the Key Management section.

In the set up page, “Create a new wallet” means generating a Root Seed, that can derive both a public key and a private key used to make Blockchain-based transactions, payments or contracts in Decentralized Apps or other wallet services that have integrated with Samsung Blockchain Keystore.

Because this Root Seed is about 128 to 256 bits of 0 and 1, and is not friendly to read nor remember, 12 to 24 words of recovery phrase can replace the Root Seed. Anyone who knows the Recovery Phrase can access and sign the blockchain transactions.

So the user will need to write down the 12 words and make sure not to lose it. Note that once the process is complete, Samsung Blockchain Keystore will NEVER ask the user to enter all the words again.

Import an existing wallet” means the user already has 12 to 24 words of recovery phrase, created in Samsung Blockchain Keystore on a different device, or from other wallets that support BIP-39 standard. Once the user enters the correct words of recovery phrase, the wallet will be imported and the set up process is complete. Likewise, once the process is complete, Samsung Blockchain Keystore will NEVER ask the user to enter all the words again.

② Sign a Transaction

The user can send cryptocurrency or purchase a crypto item in blockchain apps that have been integrated with Samsung Blockchain Keystore. In the midst of proceeding a blockchain transaction, the user can check sensitive information of the transaction, such as the recipient address, sending the amount and the fee on a secure screen, called Trusted User Interface (TUI) executed by Samsung Blockchain Keystore, and confirm the transaction for Samsung Blockchain Keystore to sign it.

③ PIN and Fingerprint Management

During the process of setting up a wallet, the user will need to set up a six-digit PIN to protect the crypto assets. A PIN is a verification method for cryptocurrency transaction, payment and smart contract in Samsung Blockchain Keystore-integrated services.

If the user has a fingerprint registered on the device, then the user can also set up a fingerprint as the alternative authentication method.

The PIN or Fingerprint will be asked every time a user wants to sign a blockchain transaction, check confidential information, like the Recovery Phase, or change PIN.

④ Manage Samsung Blockchain Keystore

Once the user has set up the wallet, when the user clicks “Samsung Blockchain Keystore” menu in the device’s Settings (Biometric and Security), the user will land on Samsung Blockchain Keystore’s main page, where the user can manage Samsung Blockchain Keystore-related options.

The user can change the PIN, enable or disable fingerprint as an authentication method, check Recovery Phrase and reset Samsung Blockchain Keystore. Other things, such as setting alarm notifications or connecting to a channel to send questions or comments to Samsung Blockchain team can be found here as well.

More information, such as How to Use, or Notices from Samsung Blockchain team, Terms and Conditions, and other information related to Samsung Blockchain Keystore are also available.

What will be covered?

Throughout this site, we will look deep into the Samsung Blockchain Keystore. The following items will be discussed.

  • Security considerations when building Samsung Blockchain Keystore and bringing the blockchain ecosystem onto the mobile.

  • Overall architecture of how Samsung Blockchain Keystore is designed and end-to-end service flow, including the exact role of Samsung Blockchain Keystore SDK that will be integrated into your app.

  • Security measures including the execution environment and how keys are generated will be explained in detail.

  • Benefits for developers integrating Samsung Blockchain Keystore SDK and what kind of services we welcome.